[Freeipa-devel] [PATCH] 448-449 Switch httpd to use default CCACHE
Petr Viktorin
pviktori at redhat.com
Wed Jan 22 11:42:30 UTC 2014
On 01/21/2014 05:12 PM, Martin Kosek wrote:
> On 01/21/2014 03:07 PM, Petr Viktorin wrote:
>> On 01/16/2014 02:16 PM, Martin Kosek wrote:
>>> [freeipa-mkosek-448-add-runas-option-to-run-function.patch]:
>>>
>>> Run function can now run the specified command as different user by
>>> setting the EUID and EGID for executed process.
>>
>> Please add the new argument to the docstring, otherwise ACK
>>
>>> [freeipa-mkosek-449-switch-httpd-to-use-default-ccache.patch]:
>>>
>>> Stock httpd no longer uses systemd EnvironmentFile option which is
>>> making FreeIPA's KRB5CCNAME setting ineffective. This can lead in hard
>>> to debug problems during subsequent ipa-server-install's where HTTP
>>> may use a stale CCACHE in the default kernel keyring CCACHE.
>>>
>>> Avoid forcing custom CCACHE and switch to system one, just make sure
>>> that it is properly cleaned by kdestroy run as "apache" user during
>>> FreeIPA server installation process.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4084
>>
>> This does not fix the issue for me.
>> On a fresh f20 machine, I installed the server, uninstalled it, and installed
>> again. The second installation failed with the ipa-client-install error
>> described in the ticket.
>>
>
> On your VM, I saw the method I use for running a command as different process
> was indeed not effective. I had to change both effective and real UID/GID to
> make the kdestroy function working.
>
> I also added the missing docstrings in 448, both for runas as well as other
> missing options.
Great, thank you! ACK, fixed a typo in the docstring and pushed to
master: f49c26db2c38e5b60a6be990b95c2926ecfa6247
For the record, this problem appeared in an install-uninstall-install
cycle with no reboot. It's unlikely to appear in the wild, but happens
all the time in CI and on some developers' workflows.
--
Petr³
More information about the Freeipa-devel
mailing list